Description
I got an automated alert (from some Google Cloud Monitoring that I had set up) that the mifos account's password on the Fineract.dev demo server changed.
So you currently actually cannot log in with e.g. `mifos/password` (anymore), as per https://www.fineract.dev.
This could be due to an intentional malicious intent by some... idiot (sorry), or an honest mistake by someone. It doesn't really matter which one it is - I now must manually reset the mifos user's password.
The more interesting question is perhaps how to prevent this from happening again... a couple of thoughts with ideas about what we could do here for the general underlying issue - opinions welcome, e.g. from @ptuomola or @davidyaha or anyone else interested:
- Should we look into introducing a feature in Fineract (core) to have "locked passwords"? Then set that on the `mifos` account. It would likely prevent "accidental" changes, but someone truly malicious could still create ANOTHER admin account on the demo server and then use that one to change the `mifos` user account... so yeah, maybe not.
- Should we just not have a default `mifos/password` on our community demo server at all anymore?! But that would then require some other mechanism to "sign up" to get a personal account on it. Could be interesting. Slightly raises the bar for people to try it though. Perhaps that could be a good thing?